CISA Notes

Preparing for a Breach Investigation
www.isaca.org/About-ISACA/-ISACA-Newsletter/Pages/@-isaca-volume-1-13-january-2016.aspx

@ISACA Volume 1 | 13 January 2016 “Culture eats strategy for breakfast.” These words, attributed to the late management consultant Peter Drucker, are often used to describe organizations that fail despite having a great strategy, the best trained staff or abundant revenue. But what is culture and how does it impact risk management i…

Risk and Politics

By Jack Freund, Ph.D., CISA, CISM, CRISC

Read More
http://www.isaca.org/About-ISACA/-ISACA-Newsletter/Pages/@-isaca-volume-26-30-december-2015.aspx

@ISACA Volume 26 | 30 December 2015 If you have worked in the IT risk profession for any period of time, you have undoubtedly felt pressured into adjusting risk ratings to satisfy a constituency. Perhaps it was to support the status quo or to postpone risk response until action could be conveniently taken. A common reason for this pre…

Standing Out With a CISM Certification

Teju Oyewole, CISA, CISM, CRISC, CISSP, CSOE, ISO 27001 LA, MBCS, Shares His Experience as a CISM

Read More
www.isaca.org/About-ISACA/-ISACA-Newsletter/Pages/@-isaca-volume-25-16-december-2015.aspx

www.isaca.org

Forecasting the Future for IT Audit

The winds of change continue to blow through the IT auditing field, according to the 5th Annual IT Audit Benchmarking Survey conducted by ISACA® and Protiviti. In the wake of ongoing technological advances, businesses are being repeatedly disrupted and transformed. This is the dynamic environment in which IT audit leaders and functions must operate and succeed.

More than 1,200 survey respondents cited 10 primary issues of concern for IT audit professionals this past year. Chief among them is managing innovation: the challenge of balancing efficiency gains from new technologies with risks from emerging threats. All of these survey results and their implications are discussed in the new White Paper—A Global Look at IT Audit Best Practices—available FREE for download today!
http://www.isaca.org/knowledge-center/research/researchdeliverables/pages/a-global-look-at-it-audit-best-practices.aspx

A Global Look at IT Audit Best Practices ISACA and Protiviti partnered to conduct the fifth annual IT Audit Benchmarking Survey in the third quarter of 2015. This global survey, conducted online, consisted of a series of questions grouped into five categories:

‘Twas the Night Before Audit

By Kathleen M. Stetz

Read More
www.isaca.org/About-ISACA/-ISACA-Newsletter/Pages/@-isaca-volume-24-2-december-2015.aspx

@ISACA Volume 24 | 2 December 2015 When people do not feel well, they consult a doctor and describe their symptoms. The doctor needs to find out why the patient feels ill, which requires knowing the answers to a series of questions. Some questions will be answered by the patient and some questions need to have tests performed to gath…

A Global Look at IT Audit Best Practices for 2016

ISACA and Protiviti would like to invite you to a FREE webinar to analyze 2016's trends based on the results of the recent 5th Annual IT Audit Benchmarking Survey.

Join Accenture’s Managing Director of Global IT Audit, Bob Kress; Protiviti's IT Audit Practice Leader, David Brand; and ISACA’s Director of Privacy and Assurance Practices, Nancy Cohen, as they discuss the trends shaping businesses today and key survey findings, including:

IT changes and security are top of mind
Significant concerns exist about finding qualified resources and skills
IT audit risk assessments are an absolute must

2016 IT Audit Benchmarking Survey: A Global Look at IT Audit Best Practices
Wednesday, 9 December 2015: 12PM (EST) / 17:00 (UTC)
Up to 1.5 Free CPEs available
Register Now >
https://event.on24.com/eventRegistration/EventLobbyServlet?target=reg20.jsp&partnerref=ISACA&eventid=1087773&sessionid=1&key=F1C3DF6A9F9B2CD731AA6ACBDC7CCFF4®Tag=&sourcepage=register

Event Registration

Learn the How To For Managing Who’s Really Who in Identity Access

Join CA Technologies’ security solutions expert Sumner Blount for his insights into current trends in privileged identity management at next month’s FREE one-hour ISACA Webinar. Better manage the increasing number and types of business user identities by discovering:

How increased interaction impacts identity management lifecycles
Why engagement with identity services can help keep open enterprises secure
Which strategies and techniques are proving effective in reducing breaches

Blount Summer
How Much Risk is Too Much? Leveraging Identity Governance to Manage Risk
Thursday, 3 December 2015: 12PM (EST) / 17:00 (UTC)
ISACA Members Earn 1 Free CPE
Register Now >
http://www.isaca.org/Education/Online-Learning/Pages/webinar-how-much-risk-is-too-much-leveraging-identity-governance-to-manage-the-risk-equation.aspx

Webinar: How Much Risk Is Too Much? Leveraging Identity Governance to Manage Risk As you face an increasing number of identities with the inclusion of different types of business users, techniques such as risk-based access and entitlement catalogs become essential to mitigating the risks to your business.

Learn How to Prioritize your Responses to Exponentially Expanding Cyber Threats

Join Palo Alto Networks threat intelligence expert Scott Simkin for next month’s FREE, one-hour CSX Cybersecurity Series Webinar. Learn how Cyberthreat Intelligence can help over-burdened security teams prioritize which of multiple cyber attacks requires the most immediate response:

Determine what is a critical, unique, and targeted attack
Add much-needed context to indicators of compromise
Take indicators of maliciousness and turn them into new protection mechanisms
http://www.isaca.org/Education/Online-Learning/Pages/webinar-threat-intelligence-how-to-identify-the-attacks-that-matter-most.aspx

Threat Intelligence: How to Identify the Attacks that Matter Most For most security teams, there are simply too many alerts to deal with in a given day. From various security devices and third-party feeds to threat intelligence sources, the sea of information makes it virtually impossible for organizations to respond quickly prior to any damage being done.

Internet of Things—The Fate We Make for Ourselves
Read More
http://www.isaca.org/About-ISACA/-ISACA-Newsletter/Pages/@-isaca-volume-23-18-november-2015.aspx

@ISACA Volume 23 | 18 November 2015 For information risk and security programs and professionals to continue to stay relevant, provide value and be effective in the organizations they support, they must regularly adjust their approach. Organizations are constantly maturing and evolving, while simultaneously changing their activities,…

Leveraging COBIT to Implement Information Security

By John Frisken, CISA, CA
http://www.isaca.org/COBIT/focus/Pages/leveraging-cobit-to-implement-information-security-part-4.aspx

Leveraging COBIT to Implement Information Security (Part 4) This article is the final article of a 4-part “Leveraging COBIT to Implement Information Security” series. Part 1 covered how COBIT 5 can be used to establish the overall framework for the collaboration of technical standards such as the IT Infrastructure Library (ITIL), ISO/IEC 27001 and SANS Criti…

Reinventing Our Processes

By Peter T. Davis, CISA, CISM, CGEIT, COBIT FC/IC/AC, CISSP, CPA, CMA, CMC, ITIL FC, ISO 27001 LI/LA, ISO 27005/31000 RM, ISO 20000 FC, ISO 9001 FC, ISO 28000 FC, ISTQB CTFL, Lean IT FC, Open FAIR FC, PMI-RMP, PMP, PRINCE2 FC, SSGB
http://www.isaca.org/COBIT/focus/Pages/reinventing-our-processes.aspx

Reinventing Our Processes Some COBIT processes focus on the need to reinvent your organization. Innovation (as in COBIT 5 process APO04 Manage innovation), for example, is always a matter of reinventing, reengineering or continually improving. Successful businesses are always in a constant process of reinvention. If you are…

COBIT 5 and Independent IT Services Suppliers

By Vincent Pearce, CGEIT, ITIL, priSM
http://www.isaca.org/COBIT/focus/Pages/cobit-5-and-independent-it-services-suppliers.aspx

COBIT 5 and Independent IT Services Suppliers I focus on delivering IT managed service outsource transitions and implementations, working with organisations that are outsourcing IT services or transitioning between suppliers. As an IT managed service specialist, I have extensive experience with ITIL; however, when bearing in mind the end-to-end…